step-security/harden-runner
1
0
Fork 0
mirror of synced 2026-06-05 16:08:19 +00:00
Code Issues Projects Releases Packages Wiki Activity
harden-runner/action.yml
Varun Sharma ac89272860 Add deploy-on-self-hosted-vm option for agent installation on self-hosted runners 
Installs the Harden Runner agent on self-hosted Linux VMs when enabled.
Skipped if running in a container or agent is already installed.
Recommended only for ephemeral runners when baking the agent into the
VM image is not possible. Includes unit tests.
2026-04-12 20:18:10 -07:00

55 lines
2.4 KiB
YAML
Raw Blame History

name: "Harden-Runner"
description: "Harden-Runner provides runtime security for GitHub-hosted and self-hosted runners"
inputs:
allowed-endpoints:
description: "Only these endpoints will be allowed if egress-policy is set to block"
required: false
default: ""
egress-policy:
description: "Policy for outbound traffic, can be either audit or block"
required: false
default: "block"
token:
description: "Used to avoid github rate limiting"
default: ${{ github.token }}
disable-telemetry:
description: "Disable sending telemetry to StepSecurity API, can be set to true or false. This can only be set to true when egress-policy is set to block"
required: false
default: "false"
disable-sudo:
description: "Disable sudo access for the runner account. Note: This parameter will be deprecated in the future. Please use disable-sudo-and-containers instead."
required: false
default: "false"
disable-sudo-and-containers:
description: "Disable sudo and container access for the runner account"
required: false
default: "false"
disable-file-monitoring:
description: "Disable file monitoring"
required: false
default: "false"
policy:
description: "Policy name to be used from the policy store. Requires id-token: write permission."
required: false
default: ""
api-key:
description: "StepSecurity API key for authenticating with the policy store. Required when use-policy-store is set to true."
required: false
default: ""
use-policy-store:
description: "Set to true to fetch policy from the policy store using the API key. This is the preferred method over the policy input which requires id-token: write permission. Policies can be defined and attached at workflow, repo, org, or cluster (for ARC) level in the policy store. The most granular policy will apply."
required: false
default: "false"
deploy-on-self-hosted-vm:
description: "Set to true to deploy the Harden Runner agent directly on a self-hosted runner VM (Linux only). The recommended approach for self-hosted VMs is to bake the agent into the VM image; see docs.stepsecurity.io. Use this option only if baking is not possible, and only for ephemeral runners."
required: false
default: "false"
branding:
icon: "check-square"
color: "green"
runs:
using: "node24"
pre: "dist/pre/index.js"
main: "dist/index.js"
post: "dist/post/index.js"
Reference in a new issue View git blame Copy permalink